Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement Security Scans and Integrate into CI Process #352

Open
Rodebrechtd opened this issue Sep 11, 2024 · 2 comments
Open

Implement Security Scans and Integrate into CI Process #352

Rodebrechtd opened this issue Sep 11, 2024 · 2 comments
Assignees

Comments

@Rodebrechtd
Copy link
Contributor

Rodebrechtd commented Sep 11, 2024

Implement security scanning for Golang code using GoSec, a security tool designed to analyze Go code and identify potential security vulnerabilities. The GoSec scan should be integrated into the CI pipeline and executed to ensure consistent environments and minimize dependency issues.

Acceptance Criteria:

CI Integration:

The GoSec scan is successfully integrated into the CI pipeline, and it runs automatically as part of the build process.
If the scan fails or finds vulnerabilities above a defined threshold (e.g., high severity), the build should fail.
Build Failures:

The CI pipeline must fail if GoSec finds any security vulnerabilities at or above the defined threshold (e.g., high-severity issues).
Local Run Documentation:

Clear documentation is provided for developers to run the GoSec scan locally, ensuring alignment between local development and the CI pipeline.

Technical Requirements:
CI Config: Update the CI configuration (e.g., .gitlab-ci.yml, .github/workflows/main.yml) to add the GoSec scan as part of the build process.
Fail Criteria: The build must fail if any high-severity issues are found during the GoSec scan.

@Rodebrechtd
Copy link
Contributor Author

@bgins, you can add community label and assign this task to me. I will start the task as soon as the team navigates through the current report

@Rodebrechtd Rodebrechtd changed the title Implement GoSec Scan and Integrate into CI Process [community]Implement GoSec Scan and Integrate into CI Process Sep 11, 2024
@developersteve
Copy link
Contributor

A great idea to build the SAST into the CICD, we already have a solution in place so will move forward with that one instead. Thanks for flagging @Rodebrechtd

@Rodebrechtd Rodebrechtd changed the title [community]Implement GoSec Scan and Integrate into CI Process Implement GoSec Scan and Integrate into CI Process Sep 13, 2024
@bgins bgins assigned developersteve and unassigned bgins Sep 13, 2024
@Rodebrechtd Rodebrechtd changed the title Implement GoSec Scan and Integrate into CI Process Implement Security Scans and Integrate into CI Process Sep 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants